search

usnistgov / ESV-Server

Entropy Source Validation Protocol and Server specifications
13 stars 12 forks source link

JWT refresh does not work #12

Closed smuellerDD closed 2 years ago

smuellerDD commented 3 years ago

According to the spec, the JWTs must be updated if they are expired. This covers all JWTs received by the server.

I have the following JWTs:

Due to the lack of knowing whether I have a separate authorization bearer JWT, I duplicated the ES JWT to use it as auth bearer.

With that, I try to refresh 3 JWTs:

[{"esvVersion":"1.0"},{"password":"30617129","accessToken":["JWT auth bearer","JWT ES","JWT SD"]}]

I sent the request to POST /esv/v1/login/refresh HTTP/1.1

The server returned 404.

celic commented 3 years ago

"accessToken" only accepts a single value for now, not an array. I'll make note we need to bring this feature over from ACVP.

celic commented 2 years ago

This was added in.